You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@orc.apache.org by do...@apache.org on 2022/08/24 05:48:51 UTC
[orc] branch branch-1.8 updated: ORC-1212: Upgrade `protobuf-java` to 3.17.3
This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch branch-1.8
in repository https://gitbox.apache.org/repos/asf/orc.git
The following commit(s) were added to refs/heads/branch-1.8 by this push:
new bd0f870bb ORC-1212: Upgrade `protobuf-java` to 3.17.3
bd0f870bb is described below
commit bd0f870bb3e177a99c2a4b03b4ece9c1d30c1ce2
Author: Dongjoon Hyun <do...@apache.org>
AuthorDate: Tue Aug 23 22:47:42 2022 -0700
ORC-1212: Upgrade `protobuf-java` to 3.17.3
This PR aims to upgrade `protobuf-java` to 3.17.3 for Apache ORC v1.8.0+.
- CVE-2021-22569 is fixed at 3.16.1+
- `osx_aarch_64` artifact is supported at 3.17.3+
- https://repo1.maven.org/maven2/com/google/protobuf/protoc/3.17.3/ (with osx_aarch_64 artifact)
Pass the CIs and check the log manually to find `protoc-3.17.3-osx-aarch_64.exe`.
```
[INFO] Protoc version: 3.17.3
protoc-jar: protoc version: 3.17.3, detected platform: osx-aarch_64 (mac os x/aarch64)
protoc-jar: using default maven settings, didn't find user settings.xml
protoc-jar: cached: /var/folders/d4/dr6zxyvd4cl38877bj3fxs_m0000gn/T/protocjar.webcache/com/google/protobuf/protoc/maven-metadata.xml
protoc-jar: using default maven settings, didn't find user settings.xml
protoc-jar: cached: /var/folders/d4/dr6zxyvd4cl38877bj3fxs_m0000gn/T/protocjar.webcache/com/github/os72/protoc/maven-metadata.xml
protoc-jar: using default maven settings, didn't find user settings.xml
protoc-jar: cached: /var/folders/d4/dr6zxyvd4cl38877bj3fxs_m0000gn/T/protocjar.webcache/com/google/protobuf/protoc/maven-metadata.xml
protoc-jar: downloading: https://repo.maven.apache.org/maven2/com/google/protobuf/protoc/3.17.3/protoc-3.17.3-osx-aarch_64.exe
protoc-jar: saved: /var/folders/d4/dr6zxyvd4cl38877bj3fxs_m0000gn/T/protocjar.webcache/com/google/protobuf/protoc/3.17.3/protoc-3.17.3-osx-aarch_64.exe
protoc-jar: executing: [/var/folders/d4/dr6zxyvd4cl38877bj3fxs_m0000gn/T/protocjar12212425749339978128/bin/protoc.exe, --version]
libprotoc 3.17.3
[INFO] Protoc command: /var/folders/d4/dr6zxyvd4cl38877bj3fxs_m0000gn/T/protocjar12212425749339978128/bin/protoc.exe
[INFO] Input directories:
[INFO] /Users/dongjoon/APACHE/orc-merge/proto
[INFO] Include directories:
[INFO] /Users/dongjoon/APACHE/orc-merge/proto
[INFO] Output targets:
[INFO] java: /Users/dongjoon/APACHE/orc-merge/java/core/target/generated-sources (add: none, clean: false, plugin: null, outputOptions: null)
[INFO] /Users/dongjoon/APACHE/orc-merge/java/core/target/generated-sources does not exist. Creating...
[INFO] Processing (java): orc_proto.proto
protoc-jar: executing: [/var/folders/d4/dr6zxyvd4cl38877bj3fxs_m0000gn/T/protocjar12212425749339978128/bin/protoc.exe, -I/Users/dongjoon/APACHE/orc-merge/proto, -I/Users/dongjoon/APACHE/orc-merge/proto, --java_out=/Users/dongjoon/APACHE/orc-merge/java/core/target/generated-sources, /Users/dongjoon/APACHE/orc-merge/proto/orc_proto.proto]
[INFO]
```
Closes #1231 from dongjoon-hyun/ORC-1212.
Authored-by: Dongjoon Hyun <do...@apache.org>
Signed-off-by: Dongjoon Hyun <do...@apache.org>
(cherry picked from commit 405fd5729a98203ffa117768dec879c850d42ee6)
Signed-off-by: Dongjoon Hyun <do...@apache.org>
---
.github/dependabot.yml | 4 ++--
java/pom.xml | 18 ++----------------
2 files changed, 4 insertions(+), 18 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 316de3f0c..c0383bef3 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -39,9 +39,9 @@ updates:
# Pin maven-dependency-plugin to 3.1.2 due to MDEP-753, MDEP-757, MDEP-759
- dependency-name: "org.apache.maven.plugins:maven-dependency-plugin"
versions: "[3.2.0,)"
- # Pin protobuf-java to 2.5.0
+ # Pin protobuf-java to 3.17.3
- dependency-name: "com.google.protobuf:protobuf-java"
- versions: "[2.5.1,)"
+ versions: "[3.17.4,)"
# Pin jodd-core to 3.5.2
- dependency-name: "org.jodd:jodd-core"
versions: "[3.5.3,)"
diff --git a/java/pom.xml b/java/pom.xml
index 2deb279b1..0f91c9501 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -79,7 +79,6 @@
<maven-assembly-plugin.version>3.4.1</maven-assembly-plugin.version>
<maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
<slf4j.version>1.7.36</slf4j.version>
- <protoc.artifact>com.google.protobuf:protoc:2.5.0</protoc.artifact>
<surefire.version>3.0.0-M5</surefire.version>
<junit.version>5.8.2</junit.version>
<mockito.version>4.6.1</mockito.version>
@@ -437,8 +436,7 @@
<goal>run</goal>
</goals>
<configuration>
- <protocArtifact>${protoc.artifact}</protocArtifact>
- <protocVersion>2.5.0</protocVersion>
+ <protocVersion>3.17.3</protocVersion>
<addSources>none</addSources>
<includeDirectories>
<include>../../proto</include>
@@ -550,18 +548,6 @@
<module>bench</module>
</modules>
</profile>
- <profile>
- <id>aarch64</id>
- <properties>
- <protoc.artifact>com.google.protobuf:protoc:2.5.0:exe:osx-x86_64</protoc.artifact>
- </properties>
- <activation>
- <os>
- <family>mac</family>
- <arch>aarch64</arch>
- </os>
- </activation>
- </profile>
<profile>
<id>java17</id>
<activation>
@@ -632,7 +618,7 @@
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
- <version>2.5.0</version>
+ <version>3.17.3</version>
</dependency>
<dependency>
<groupId>com.opencsv</groupId>